8.2.3 - I D S and I P S for Cisco CCNA Discovery 2 Hoofdstuk 8

CCNA Discovery - Working at a Small-to-Medium Business or ISP

8 ISP Responsibility

8.0 Chapter Introduction

8.0.1 Introduction

Page 1:8.0.1 - Introduction

As the reliance on network services increases, the ISP must provide, maintain, secure, and recover critical business services.The ISP develops and maintains security policies and procedures for their customers along withdisaster recovery plans for their network hardware and data.After completion of this chapter, you should be able to:Describe ISP security policies and procedures.Describe the tools used in implementing security at the ISP .Describe the monitoring and managing of the ISP .Describe the responsibilities of the ISP with regard to maintenance and recovery.

8.1 ISP Security Considerations

8.1.1 ISP Security Services

Page 1:

Any active Internet connection for a computer can make that computer a target for maliciousactivity.Malware, or malicious software such as a computer virus,worm,or spyware,can arrive in an email or be downloaded from a website. Problems that cause large-scale failures in ISP networksoften originate from unsecured desktop systems at the ISP customer locations.If the ISP is hosting any web or e-commerce sites, the ISP may have confidential files with financialdata or bank account information stored on their servers. The ISP is required to maintain thecustomer data in a secure way.ISPs play a big role in helping to protect the home and business users that use their services. Thesecurity services that they provide also protect the servers that are located at the service provider premise. Service providers are often called upon to help their customers secure their local networksand workstations to reduce the risks of compromise.

There are many actions that can be taken both at the local site and the ISP to secure operatingsystems, data stored on operating systems, and data transmitted between computer systems.

8.1.1 - ISP Security Services

The diagram depicts a man sitting at his work station typing in his user name and password. In theforeground there is a sinister looking character holding up a laptop displaying the user name and password.

Page 2:

If an ISP is providing web hosting or email services for a customer, it is important that the ISP protect that information from malicious attack. This protection can be complicated because ISPsoften use a single server, or cluster of servers, to maintain data that belongs to more than onecustomer.To help prevent attacks on these vulnerabilities, many ISPs provide managed desktop securityservices for their customers. An important part of the job of an on-site support technician is toimplement security best practices on client computers. Some of the security services that an ISPsupport technician can provide include:

•

Helping clients to create secure passwords for devices

•

Securing applications using patch management and software upgrades

•

Removing unnecessary applications and services that can create vulnerabilities

•

Ensuring applications and services are available to the users that need them and no one else

•

Configuring desktop firewalls and virus-checking software

•

Performing security scans on software and services to determine vulnerabilities that thetechnician must protect from attack

8.1.1 - ISP Security Services

The diagram depicts a Windows Log On window and the System Properties window with theAutomatic Updates tab selected. There is a brief description for each of the following security practices: Password Security, Extraneous Services, Patch Management, Application Security, User Rights, and Security Scanning.Password SecurityChoose a complex password. A complex password consists of a mix of upper case characters, lower case characters, numbers, and symbols. A complex password should be at least eight characters inlength and never be based on a dictionary word or personal information that someone may be ableto guess.It is also recommended that passwords be changed periodically. Software exists that can allow ahacker to crack passwords by trying every possible combination of letters, numbers, and symbols tofigure out passwords.By changing your password periodically, brute force password cracking is less of an issue because by the time the hacker cracks the password, the password should already be changed to something

different.Extraneous ServicesOne of the most common methods used to compromise a computer system is to exploitunconfigured or misconfigured services. The nature of a service is it listens for requests fromexternal computer systems. If the service has a known exploitable flaw due to not being configuredor being configured incorrectly, then a hacker or a worm can compromise that service and gainaccess to the computer system that the service is running on.As a best practice, remove or disable all unnecessary services. For services that are necessary or cannot be uninstalled, make sure you follow the best practices in any configuration guides for that particular service.Patch Management New security exploits are constantly being identified for operating systems almost every day. All ittakes is a simple search online and you may be able to find sites that list various exploitablevulnerabilities for virtually every operating system that is available today.Operating system developers release updates regularly - daily in some cases. It is important toregularly review and install security updates for your operating systems. Most intrusions by ahacker or infections from worms and viruses can be prevented by patching the operating systemregularly.Application SecurityUnpatched and unnecessary applications installed on an operating system can increase the risk of being compromised. Just as the operating system needs to be patched regularly, so do the installedapplications.Internet based applications, such as Internet browsers and email applications, are the most importantapplications to constantly patch, since these applications are the most targeted type of application.User RightsOn a typical modern operating system there are multiple levels of access to the operating system.When a user account has administrative access to the operating system, malware can more easilyinfect the computer system. This is due to the unrestricted access to the file system and systemservices. Normal user accounts do not have the ability to install new applications since the accounts do nothave access to areas of the file system and system files that are necessary to install mostapplications. As a result, normal users are not as susceptible to malware infections that try to installor access certain areas of the file system.As a best practice, users should only have the level of access required to perform their normal dailywork. Administrative access should only be used on occasion to perform functions that are not permitted as a normal user.Security ScanningThere are many tools that can help you secure your operating system. Most security scanning toolsreview many system security weaknesses and report back on how to rectify the problems thesoftware found.Some of the more advanced scanning software packages go beyond the typical operating system

Category:	School Work > Study Guides, Notes, & Quizzes
Rating:
Upload Date:	07/08/2009
Copyright:	Attribution Non-commercial
Tags:	This document has no tags.

Documents

People